Monday, 5 September 2011


The MMPC have blogged about 'Win32/AdsLock', a sort of ransomware that asks you to complete online advertising (CPA surveys) instead of demanding money.

There is no unlock code (no such function inside) for these generated Adslock samples.
Here is a screenshot of the 'Constructor'

Adslock.A is dropped into:
C:\Documents and Settings\(user)\Start Menu\Programs\Startup
It uses the horrible VB API rtcFileCopy, and outdated tricks to 'hide' the taskbar and 'block' taskmgr.
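
A triage check for the Startup-folder drop described above, as an added example that is not part of the original post: it flags any PE file sitting directly in a Startup folder (which normally holds only shortcuts) and notes when the file references the VB6 runtime. The function names, the MSVBVM60.DLL heuristic and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

VB6_RUNTIME = b"msvbvm60.dll"  # assumption: VB6 runtime DLL name as seen in a VB6 import table

def is_pe(data: bytes) -> bool:
    """True if data has a DOS header whose e_lfanew points at a 'PE' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def triage_startup(folder: str) -> list:
    """Return (filename, reason) for every PE file placed directly in a Startup folder."""
    findings = []
    for name in sorted(os.listdir(folder)):
        path = os.path.join(folder, name)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if not is_pe(data):
            continue  # shortcuts (.lnk) and desktop.ini are the expected content
        reason = "PE file in Startup"
        if VB6_RUNTIME in data.lower():
            reason += ", references VB6 runtime"
        findings.append((name, reason))
    return findings

def make_sample_pe(extra: bytes = b"") -> bytes:
    """Constructed header only: 'MZ', e_lfanew=0x40, 'PE' signature. Not a working executable."""
    dos = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little")
    return dos + b"PE\0\0" + extra

def demo() -> list:
    """Build a constructed Startup folder in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "Office.lnk": b"L\0\0\0" + b"\0" * 60,           # shortcut-like, not a PE
            "update.exe": make_sample_pe(b"MSVBVM60.DLL\0"),  # PE referencing the VB6 runtime
            "tool.exe": make_sample_pe(b"KERNEL32.dll\0"),    # PE without a VB6 reference
        }
        for name, blob in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(blob)
        return triage_startup(d)

if __name__ == "__main__":
    for name, reason in demo():
        print(name, "->", reason)
```

On a live system, point `triage_startup` at the per-user Startup path given above and at the All Users equivalent.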

The stub is stored inside, so it will be easy for AV guys to detect this threat.

The following url was identified:
